RE: [nsp] High CPU with NAT - some output

From: Marcio Pilotto (marcio.pilotto@intelig.net.br)
Date: Tue Jul 10 2001 - 08:12:37 EDT

Following is the output of show version:

= show version
========= output begin ==============
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-I-M), Version 12.0(7)XK1, EARLY DEPLOYMENT
RELEASE
 SOFTWARE (fc1)
TAC:Home:SW:IOS:Specials for info
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Thu 16-Mar-00 22:09 by phanguye
Image text-base: 0x600088F0, data-base: 0x608C2000

ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE
SOFTWARE (f
c1)
ROM: 3600 Software (C3640-I-M), Version 12.0(7)XK1, EARLY DEPLOYMENT RELEASE
SOF
TWARE (fc1)

redetv uptime is 2 days, 7 hours, 3 minutes
System returned to ROM by power-on
System image file is "flash:?"

cisco 3640 (R4700) processor (revision 0x00) with 123904K/7168K bytes of
memory.
Processor board ID 24363715
R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
Channelized E1, Version 1.0.
Bridging software.
X.25 software, Version 3.0.0.
Primary Rate ISDN software, Version 1.1.
2 FastEthernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
2 Serial(sync/async) network interface(s)
2 Channelized E1/PRI port(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

============== output end ================

Output of show ip nat translation

* show ip nat translation
********** output begin ******************************

Pro Inside global Inside local Outside local Outside global
tcp 200.184.27.225:1077 10.10.0.20:1077 200.246.208.47:80
200.246.208.47:80
tcp 200.184.27.225:1082 10.10.0.20:1082 200.246.208.47:80
200.246.208.47:80
--- 200.184.27.227 10.10.0.1 --- ---
--- 200.184.27.228 10.10.0.2 --- ---
--- 200.184.27.229 10.10.0.3 --- ---
--- 200.184.27.230 10.10.0.4 --- ---
--- 200.184.27.231 10.10.0.5 --- ---
--- 200.184.27.232 10.10.0.6 --- ---
--- 200.184.27.233 10.10.0.7 --- ---
--- 200.184.27.234 10.10.0.8 --- ---
--- 200.184.27.235 10.10.0.9 --- ---
--- 200.184.27.236 10.10.0.12 --- ---
--- 200.184.27.237 10.10.0.190 --- ---
tcp 200.184.27.225:3622 10.10.0.22:3622 200.187.233.7:80
200.187.233.7:80
tcp 200.184.27.225:3626 10.10.0.22:3626 200.187.233.7:80
200.187.233.7:80
tcp 200.184.27.225:3627 10.10.0.22:3627 200.187.233.7:80
200.187.233.7:80
tcp 200.184.27.225:3628 10.10.0.22:3628 200.187.233.7:80
200.187.233.7:80
tcp 200.184.27.225:1075 10.10.0.20:1075 200.246.211.33:443
200.246.211.33:443
tcp 200.184.27.225:1083 10.10.0.20:1083 200.246.211.33:443
200.246.211.33:443

*********** output end *****************

- show process cpu
--------- output being ---------------
CPU utilization for five seconds: 21%/13%; one minute: 21%; five minutes:
21%
-------- output end ------------------

CEF is enable at all interfaces but CEF does not work with NAT!

With show interfaces switching command we can see that all output packets
are process switching. It does not care if you use netflow switching, fast
switching or even CEF.

My question is: that´s a *NORMAL* behaviour or I am facing a bug? Has anyone
faced this problem before? How does you fixed it?

Regards,

Marcio

-----Original Message-----
From: Gert Doering [mailto:gert@greenie.muc.de]
Sent: terça-feira, 10 de julho de 2001 04:47
To: Marcio Pilotto; cisco-nsp@puck.nether.net
Subject: Re: [nsp] High CPU with NAT

Hi,

On Mon, Jul 09, 2001 at 06:58:31PM -0300, Marcio Pilotto wrote:
> All my output packets are process switching but the CPU cost are very high
> even just for static translation.

Process switching *is* expensive - so it's normal that the CPU load is
high then. Can you go to fast switching or CEF?

gert 

-- 
USENET is *not* the non-clickable part of WWW!
 
//www.muc.de/~gert/
Gert Doering - Munich, Germany
gert@greenie.muc.de
fax: +49-89-35655025
gert.doering@physik.tu-muenchen.de

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:44 EDT